[ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)

Jim Kinney jim.kinney at gmail.com
Fri Jan 13 16:17:05 EST 2012 

The user must have read access to the private key associated with the
public key installed on the remote machine. That requires the private key
to be 600 perms. ssh will fail otherwise.


On Fri, Jan 13, 2012 at 3:57 PM, Tim Watts <tim at cliftonfarm.org> wrote:

> On Fri, 2012-01-13 at 15:40 -0500, Jim Kinney wrote:
> > On Fri, Jan 13, 2012 at 3:28 PM, David Tomaschik
> > <david at systemoverlord.com> wrote:
> >         You should have the public key in a file called
> >         authorized_keys on the
> >         server side.
> >
> > Yep! Easy tool is called ssh-copy-id <user>@<hostname>  will do the
> > RightThing (tm) on the remote end.
> >
> Does root's authorized_keys need to have my public key in order for me
> to do "ssh timtw at blueberry"  from root?
>
> I can "ssh blueberry" as root using the key I gen'ed but I can't "ssh
> timtw at blueberry" as root (get Permission denied (publickey)).  Same song
> when I tried to "ssh-copy-id timtw at blueberry" as root.
>
> It works when I'm timtw no problem, using my key.
>
> > Also you will need to edit the /etc/ssh/sshd_config file and change
> >
> > #PubkeyAuthentication yes
> > #AuthorizedKeysFile    .ssh/authorized_keys
> >
> > to
> >
> > PubkeyAuthentication yes
> > AuthorizedKeysFile    .ssh/authorized_keys
> >
> Already had that.  I can ssh as timtw with my ssh key no problem.
>
> >
> > For the back up process, you will want to put the key in the account
> > of the backup user on the far machine (back up data storage system -
> > wilma), not root user.
> >
> >
> >         David
> >
> >
> >         On Fri, Jan 13, 2012 at 3:06 PM, Tim Watts
> >         <tim at cliftonfarm.org> wrote:
> >         > OK, I did an ssh-keygen for root and managed to copy its
> >         id_rsa.pub to
> >         > $host:/root/.ssh.  (I have "PasswordAuthentication no" in my
> >         sshd_config
> >         > so can't use ssh-copy-id.)  On the target host it shows
> >         this:
> >         >
> >         > $ sudo ls -l /root/.ssh/
> >         > total 8
> >         > -rw-r--r-- 1 root root 396 2012-01-13 14:36 id_rsa.pub
> >         > -rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts
> >         >
> >         > On my local machine I have this:
> >         >
> >         > # ls -l /root/.ssh
> >         > total 12
> >         > -rw------- 1 root root 1743 2012-01-13 14:25 id_rsa
> >         > -rw-r--r-- 1 root root  396 2012-01-13 14:25 id_rsa.pub
> >         > -rw-r--r-- 1 root root  884 2009-11-11 06:17 known_hosts
> >         >
> >         > The timestamp difference is due to copying it to my home
> >         before scp-ing
> >         > it to the target host.
> >         >
> >         > And yet:
> >         >
> >         > # ssh timtw at blueberry
> >         > Permission denied (publickey).
> >         > # ssh blueberry
> >         > Permission denied (publickey).
> >         >
> >         > My sshd_config has "PermitRootLogin yes".  What else could I
> >         be missing?
> >         >
> >         >
> >         > On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:
> >         >> root user needs to do a keygen and put the pub on wilma.
> >         >>
> >         >> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts
> >         <tim at cliftonfarm.org>
> >         >> wrote:
> >         >>         On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney
> >         wrote:
> >         >>         > root on fred goes to fredbak on wilma
> >         >>
> >         >>
> >         >>         Just to be clear: does this mean that the backup
> >         job runs as
> >         >>         root but
> >         >>         rsyncs as fredbak (via ssh key) to wilma?  As in:
> >         >>
> >         >>                # rsync $OPTS $SRC fredbak@$TGTHOST:$DST
> >         >>
> >         >>         I get an error when I try to do something similar:
> >         >>
> >         >>         OPTS="-az --delete-during --delete-delay -h
> >         --progress
> >         >>         --stats"
> >         >>
> >         >>         # rsync $OPTS /etc /home/timtw
> >         >>         timtw at blueberry:/home/timtw/backups/dellberry
> >         >>         Permission denied (publickey).
> >         >>         rsync: connection unexpectedly closed (0 bytes
> >         received so
> >         >>         far) [sender]
> >         >>         rsync error: unexplained error (code 255) at
> >         io.c(601)
> >         >>         [sender=3.0.7]
> >         >>         #
> >         >>
> >         >>         I am able to ssh to blueberry via my ssh key when
> >         I'm timtw
> >         >>         but not as
> >         >>         root.  Is my key in the wrong place?
> >         >>
> >         >>
> >         >>         _______________________________________________
> >         >>         Ale mailing list
> >         >>         Ale at ale.org
> >         >>         http://mail.ale.org/mailman/listinfo/ale
> >         >>         See JOBS, ANNOUNCE and SCHOOLS lists at
> >         >>         http://mail.ale.org/mailman/listinfo
> >         >>
> >         >>
> >         >>
> >         >>
> >         >> --
> >         >> --
> >         >> James P. Kinney III
> >         >>
> >         >> As long as the general population is passive, apathetic,
> >         diverted to
> >         >> consumerism or hatred of the vulnerable, then the powerful
> >         can do as
> >         >> they please, and those who survive will be left to
> >         contemplate the
> >         >> outcome.
> >         >> - 2011 Noam Chomsky
> >         >>
> >         >> http://heretothereideas.blogspot.com/
> >         >>
> >         >> _______________________________________________
> >         >> Ale mailing list
> >         >> Ale at ale.org
> >         >> http://mail.ale.org/mailman/listinfo/ale
> >         >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >         >> http://mail.ale.org/mailman/listinfo
> >         >
> >         >
> >         > _______________________________________________
> >         > Ale mailing list
> >         > Ale at ale.org
> >         > http://mail.ale.org/mailman/listinfo/ale
> >         > See JOBS, ANNOUNCE and SCHOOLS lists at
> >         > http://mail.ale.org/mailman/listinfo
> >         >
> >
> >
> >
> >         --
> >
> >         David Tomaschik, RHCE, LPIC-1
> >         System Administrator/Open Source Advocate
> >         OpenPGP: 0x5DEA789B
> >         http://systemoverlord.com
> >         david at systemoverlord.com
> >
> >         _______________________________________________
> >         Ale mailing list
> >         Ale at ale.org
> >         http://mail.ale.org/mailman/listinfo/ale
> >         See JOBS, ANNOUNCE and SCHOOLS lists at
> >         http://mail.ale.org/mailman/listinfo
> >
> >
> >
> >
> > --
> > --
> > James P. Kinney III
> >
> > As long as the general population is passive, apathetic, diverted to
> > consumerism or hatred of the vulnerable, then the powerful can do as
> > they please, and those who survive will be left to contemplate the
> > outcome.
> > - 2011 Noam Chomsky
> >
> > http://heretothereideas.blogspot.com/
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- *2011 Noam Chomsky

http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120113/dc786b53/attachment-0001.html

More information about the Ale mailing list